Pod workload identity to retrieve secret

Ihsen Alaya 85 Reputation points
2024-08-14T19:01:08.0966667+00:00

Hi everyone,

I'm trying to mount a file share as a Persistent Volume Claim (PVC) in AKS. The file share's key is secured in Azure Key Vault. How can I configure the pods to retrieve this secret from Key Vault and use the file share as a PVC?

Tags: Azure Key Vault, Azure Files, Azure Kubernetes Service

Accepted answer
Sina Salam 22,031 Reputation points Volunteer Moderator
2024-08-14T21:43:52.08+00:00

Hello Ihsen Alaya,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you would like to secure the file share's key with Azure Key Vault and use the Azure file share as a Persistent Volume Claim (PVC) in Azure Kubernetes Service (AKS).

There are many steps you might need to do, from creating and configuring Azure Key Vault, configuring AKS to access Azure Key Vault, and creating a Persistent Volume (PV) and Persistent Volume Claim (PVC). You will also need to create a Secret Provider Class (SPC), which defines how the secrets from Azure Key Vault should be presented to your pods: https://learn.microsoft.com/en-us/azure/aks/azure-csi-files-storage-provision

Then, you will use the Secrets Store CSI Driver to natively retrieve secret contents from Azure Key Vault. This driver securely provides secrets to the requesting pods: https://learn.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security

Here you have more detailed steps on how to use the Azure Key Vault provider for Secrets Store CSI Driver in an Azure Kubernetes Service (AKS) cluster: https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

Best Regards,

Sina Salam

1 person found this answer helpful.
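As an added illustration, not part of Sina Salam's answer or of Microsoft's docs, here is the shape of the Secret Provider Class he mentions, configured for workload identity, together with the static Persistent Volume that consumes the synced key. The resource names, the `<...>` values and the Key Vault secret names are my placeholders; it assumes the Secrets Store CSI Driver add-on is enabled on the cluster and that the pod runs under a ServiceAccount annotated with the identity's client ID and labelled `azure.workload.identity/use: "true"`.

```yaml
# Added example, not from the original answer; every <...> value and resource name is a placeholder.
# SecretProviderClass: fetch the account name and key from Key Vault with workload identity
# and mirror them into a Kubernetes Secret in the shape the Azure Files CSI driver expects.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azurefile-key-from-kv
  namespace: default
spec:
  provider: azure
  parameters:
    clientID: "<WORKLOAD_IDENTITY_CLIENT_ID>"  # identity federated to the pod's ServiceAccount
    keyvaultName: "<KEY_VAULT_NAME>"
    tenantId: "<TENANT_ID>"
    objects: |
      array:
        - |
          objectName: <KV_SECRET_HOLDING_ACCOUNT_NAME>
          objectType: secret
        - |
          objectName: <KV_SECRET_HOLDING_ACCOUNT_KEY>
          objectType: secret
  secretObjects:
    - secretName: azurefile-secret   # created by the driver while a pod mounts this SPC
      type: Opaque
      data:
        - objectName: "<KV_SECRET_HOLDING_ACCOUNT_NAME>"
          key: azurestorageaccountname
        - objectName: "<KV_SECRET_HOLDING_ACCOUNT_KEY>"
          key: azurestorageaccountkey
---
# Static PersistentVolume that stages the share with the synced Secret instead of a hand-made one.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: azurefile-pv
spec:
  capacity:
    storage: 10Gi
  accessModes: [ReadWriteMany]
  persistentVolumeReclaimPolicy: Retain
  storageClassName: azurefile-csi
  csi:
    driver: file.csi.azure.com
    volumeHandle: "<RESOURCE_GROUP>#<STORAGE_ACCOUNT>#<FILE_SHARE_NAME>"  # must be unique per PV
    volumeAttributes:
      shareName: "<FILE_SHARE_NAME>"
    nodeStageSecretRef:
      name: azurefile-secret
      namespace: default
```

The driver creates `azurefile-secret` only while a pod that mounts the SecretProviderClass volume is running and removes it when the last such pod is gone, so the workload (or a small keeper pod) has to mount the secrets-store volume for the Azure Files staging to find the Secret. Granting the identity only `get` on those two Key Vault secrets keeps the reach of a compromised pod to that one share.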
